Extract Information from Ticket.
Michael B Allen
mba2000 at ioplex.com
Mon Mar 5 11:34:03 EST 2007
On Mon, 5 Mar 2007 10:18:15 +0200
"Bruce Stewart" <BruceS at nsfas.org.za> wrote:
> > The
> > stock jcifs distribution only supports NTLM SSO (but that
> > actually works
> > quite well assuming you don't need delegation).
>
> FWIW...the spnego classes accept NTLM as well as Kerberos tokens - which was a problem for us - we only wanted Kerberos tokens (because we wanted delegation). I created our own bare bones version of the jcifs.spnego.Authentication class - removed the jcifs dependencies (i.e. NTLM code), "client" code and reflection based GSS-API code. Instead of returning a Principal with authentication.getPrincipal(), we return a javax.security.auth.Subject (which contains the KerberosPrincipal and KerberosTicket) with getSubject(). That allows us to use Subject.doAs(subject, ...) etc.
>
> Using the jcifs-ext code as a guide it was pretty easy for us to create exactly what we needed.
Yes, the peculiarities of the jcifs-ext SPNEGO classes using reflection
have made it difficult for me to accept it into the stock distro. And
thus jcifs-krb5 (which uses those classes) is a separate package.
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
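
The Kerberos-only restriction described in the quoted message can be applied before a token reaches the GSS-API acceptor. The following is an added example, not code from jcifs, jcifs-ext or either poster: it classifies the initial `Authorization: Negotiate` token as Kerberos or NTLM from its leading OIDs. The class name, method names and sample tokens are constructed for illustration, and `HexFormat` assumes Java 17 or later.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class NegotiateTokenFilter {                                       // hypothetical name
    enum Mech { KERBEROS, NTLM, UNKNOWN }
    static final HexFormat HEX = HexFormat.of();                          // Java 17+
    // DER content bytes of the mechanism OIDs (tag and length stripped)
    static final byte[] SPNEGO   = HEX.parseHex("2b0601050502");          // 1.3.6.1.5.5.2
    static final byte[] KRB5     = HEX.parseHex("2a864886f712010202");    // 1.2.840.113554.1.2.2
    static final byte[] MS_KRB5  = HEX.parseHex("2a864882f712010202");    // 1.2.840.48018.1.2.2
    static final byte[] NTLM_OID = HEX.parseHex("2b06010401823702020a");  // 1.3.6.1.4.1.311.2.2.10
    // Consume one DER header with the expected tag; return the content length.
    static int header(ByteBuffer b, int tag) {
        if ((b.get() & 0xff) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = b.get() & 0xff, n = len & 0x7f;
        if (len >= 0x80) {                                                // long form: n length bytes follow
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (b.get() & 0xff);
        }
        if (len > b.remaining()) throw new IllegalArgumentException("truncated token");
        return len;
    }
    static byte[] oid(ByteBuffer b) { byte[] o = new byte[header(b, 0x06)]; b.get(o); return o; }
    // Classify the initial token of an "Authorization: Negotiate <base64>" header value.
    static Mech classify(String authorization) {
        try {
            if (!authorization.startsWith("Negotiate ")) return Mech.UNKNOWN;
            byte[] t = Base64.getDecoder().decode(authorization.substring(10).trim());
            if (new String(t, StandardCharsets.ISO_8859_1).startsWith("NTLMSSP\0")) return Mech.NTLM; // raw NTLM
            ByteBuffer b = ByteBuffer.wrap(t);
            header(b, 0x60);                                              // GSS-API InitialContextToken
            byte[] mech = oid(b);
            if (Arrays.equals(mech, SPNEGO)) {                            // unwrap NegTokenInit -> mechTypes
                header(b, 0xa0); header(b, 0x30); header(b, 0xa0); header(b, 0x30);
                mech = oid(b);                                            // first entry = preferred mechanism
            }
            if (Arrays.equals(mech, KRB5) || Arrays.equals(mech, MS_KRB5)) return Mech.KERBEROS;
            return Arrays.equals(mech, NTLM_OID) ? Mech.NTLM : Mech.UNKNOWN;
        } catch (RuntimeException e) { return Mech.UNKNOWN; }             // bad base64 or malformed DER
    }
    public static void main(String[] args) {
        String[] samples = {  // constructed: two NegTokenInit headers cut after mechTypes, one bare NTLMSSP
            "602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a",
            "601c06062b0601050502a0123010a00e300c060a2b06010401823702020a",
            "4e544c4d5353500001000000" };
        for (String hex : samples)
            System.out.println(classify("Negotiate " + Base64.getEncoder().encodeToString(HEX.parseHex(hex))));
    }
}
```

Only a `KERBEROS` result would be handed on to `GSSContext.acceptSecContext`; this pre-check does not validate the ticket, which remains the acceptor's job.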